[Old post] [Help] This is my dongle's information, please help 0.00 snowflakes
Posted: 2010-4-26 20:46 1073
004FB52F |. 81C4 F4FDFFFF ADD ESP,-20C
004FB535 |. 53 PUSH EBX
004FB536 |. 56 PUSH ESI
004FB537 |. 33C0 XOR EAX,EAX
004FB539 |. 8985 F4FDFFFF MOV DWORD PTR SS:[EBP-20C],EAX
004FB53F |. BE 1CEE9900 MOV ESI,0099EE1C
004FB544 |. 33C0 XOR EAX,EAX
004FB546 |. 55 PUSH EBP
004FB547 |. 68 7BB64F00 PUSH 004FB67B
004FB54C |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004FB54F |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004FB552 |. 68 8CB64F00 PUSH 004FB68C ; /FileName = "Rockey2.dll"
004FB557 |. E8 60C8F0FF CALL <JMP.&kernel32.LoadLibraryA> ; \LoadLibraryA
004FB55C |. 8906 MOV DWORD PTR DS:[ESI],EAX
004FB55E |. 833E 00 CMP DWORD PTR DS:[ESI],0
004FB561 |. 75 07 JNZ SHORT 004FB56A
004FB563 |. 33DB XOR EBX,EBX
004FB565 |. E9 F8000000 JMP 004FB662
004FB56A |> 68 98B64F00 PUSH 004FB698 ; /ProcNameOrOrdinal = "RY2_Find"
004FB56F |. 8B06 MOV EAX,DWORD PTR DS:[ESI] ; |
004FB571 |. 50 PUSH EAX ; |hModule
004FB572 |. E8 75C7F0FF CALL <JMP.&kernel32.GetProcAddress> ; \GetProcAddress
004FB577 |. 8B15 C8CC9900 MOV EDX,DWORD PTR DS:[99CCC8] ; Main.0099ED64
004FB57D |. 8902 MOV DWORD PTR DS:[EDX],EAX
004FB57F |. 68 A4B64F00 PUSH 004FB6A4 ; /ProcNameOrOrdinal = "RY2_Open"
004FB584 |. 8B06 MOV EAX,DWORD PTR DS:[ESI] ; |
004FB586 |. 50 PUSH EAX ; |hModule
004FB587 |. E8 60C7F0FF CALL <JMP.&kernel32.GetProcAddress> ; \GetProcAddress
004FB58C |. 8B15 A8D39900 MOV EDX,DWORD PTR DS:[99D3A8] ; Main.0099ED68
004FB592 |. 8902 MOV DWORD PTR DS:[EDX],EAX
004FB594 |. 68 B0B64F00 PUSH 004FB6B0 ; /ProcNameOrOrdinal = "RY2_Close"
004FB599 |. 8B06 MOV EAX,DWORD PTR DS:[ESI] ; |
004FB59B |. 50 PUSH EAX ; |hModule
004FB59C |. E8 4BC7F0FF CALL <JMP.&kernel32.GetProcAddress> ; \GetProcAddress
004FB5A1 |. 8B15 C4D79900 MOV EDX,DWORD PTR DS:[99D7C4] ; Main.0099ED6C
004FB5A7 |. 8902 MOV DWORD PTR DS:[EDX],EAX
004FB5A9 |. 68 BCB64F00 PUSH 004FB6BC ; /ProcNameOrOrdinal = "RY2_Read"
004FB5AE |. 8B06 MOV EAX,DWORD PTR DS:[ESI] ; |
004FB5B0 |. 50 PUSH EAX ; |hModule
004FB5B1 |. E8 36C7F0FF CALL <JMP.&kernel32.GetProcAddress> ; \GetProcAddress
004FB5B6 |. 8B15 ACD59900 MOV EDX,DWORD PTR DS:[99D5AC] ; Main.0099ED70
004FB5BC |. 8902 MOV DWORD PTR DS:[EDX],EAX
004FB5BE |. A1 C8CC9900 MOV EAX,DWORD PTR DS:[99CCC8]
004FB5C3 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004FB5C5 |. FFD0 CALL EAX
004FB5C7 |. 85C0 TEST EAX,EAX
004FB5C9 |. 7D 0F JGE SHORT 004FB5DA
004FB5CB |. 33DB XOR EBX,EBX
004FB5CD |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004FB5CF |. 50 PUSH EAX ; /hLibModule
004FB5D0 |. E8 5FC6F0FF CALL <JMP.&kernel32.FreeLibrary> ; \FreeLibrary
004FB5D5 |. E9 88000000 JMP 004FB662
004FB5DA |> B8 D0B64F00 MOV EAX,004FB6D0 ; ASCII "-2047161255"
004FB5DF |. E8 88F2F0FF CALL 0040A86C